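/// <summary>
/// Encrypts <paramref name="text"/> with AES-GCM under a key derived from
/// <paramref name="secret"/> and a freshly generated salt.
/// </summary>
/// <param name="text">Plaintext; converted to bytes with the instance encoding.</param>
/// <param name="secret">
/// Secret the key is derived from. The parameter defaults to null, but the method
/// dereferences it (<c>secret.Version</c>), so callers are expected to pass a value.
/// </param>
/// <returns>
/// A <c>Ciphertext</c> built from <c>Name + ":" + Base64(salt || iv || ciphertext-with-tag)</c>
/// and the version of the secret that was used.
/// </returns>
public Ciphertext Encrypt(string text, Secret secret = null)
{
    var cleanTextBytes = _encoding.GetBytes(text);

    // A new salt and IV are drawn on every call, so the (key, IV) pair is not repeated
    // between messages. NOTE(review): confirm GenerateRandomBytes is backed by a
    // cryptographic RNG; GCM loses its guarantees if an IV repeats under one key.
    var salt = GenerateRandomBytes(SaltLength);

    // Presumably a PBKDF2 derivation, judging by the iteration-count field name; the
    // implementation of GetKey is not visible here.
    var key = SecretKeyFactory.GetKey(salt, secret, _pbkdf2Iterations);
    try
    {
        var iv = GenerateRandomBytes(IvLength);

        var cipher = new GcmBlockCipher(new AesEngine());
        // The associated-data argument is null, so nothing outside the ciphertext
        // (for example the Name prefix) is covered by the GCM tag.
        var parameters = new AeadParameters(new KeyParameter(key), AuthTagLengthInBits, iv, null);
        cipher.Init(true, parameters);

        var cipherTextBytes = new byte[cipher.GetOutputSize(cleanTextBytes.Length)];
        var len = cipher.ProcessBytes(cleanTextBytes, 0, cleanTextBytes.Length, cipherTextBytes, 0);
        cipher.DoFinal(cipherTextBytes, len);

        // Wire layout: salt, then IV, then ciphertext with the tag appended by DoFinal.
        byte[] resultBytes;
        using (var combinedStream = new MemoryStream())
        {
            using (var binaryWriter = new BinaryWriter(combinedStream))
            {
                binaryWriter.Write(salt);
                binaryWriter.Write(iv);
                binaryWriter.Write(cipherTextBytes);
            }

            resultBytes = combinedStream.ToArray();
        }

        var cipheredText = Convert.ToBase64String(resultBytes);
        return new Ciphertext(Name + ":" + cipheredText, secret.Version);
    }
    finally
    {
        // Overwrite the derived key on every exit path, including exceptions thrown by
        // the cipher; previously the key was only scrubbed when encryption succeeded.
        SecretKeyFactory.ShuffleSecretKey(key);
    }
}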
/// <summary>
/// Encrypts the user's password with AES/CBC/PKCS5Padding. The AES key is derived with
/// PBKDF2WithHmacSHA256 (65536 iterations, 256-bit output) from the current timestamp.
/// </summary>
/// <param name="password">Value to encrypt; encoded as UTF-8 before encryption.</param>
/// <returns>
/// A two-element list holding the Base64 ciphertext followed by the timestamp string
/// (format ddMMyyyyHHmmss) that was used as the key-derivation input. An empty list is
/// returned when any step fails.
/// </returns>
/// <remarks>
/// NOTE(review): the only non-constant key input is the timestamp, which is returned next
/// to the ciphertext; the salt is a hard-coded string and the IV is all zeros. Whoever
/// holds the returned list and knows this routine can re-derive the key, so this gives
/// obfuscation rather than confidentiality. Replacing it requires changing how the
/// consumer of this output obtains the key, which is not visible from this method.
/// </remarks>
public ArrayList encryptOutlook(string password)
{
    string fixedSalt = "0uTl@k";
    ArrayList output = new ArrayList();

    try
    {
        // 16 zero bytes: a constant IV, so equal plaintext prefixes under the same key
        // produce equal ciphertext prefixes.
        IvParameterSpec zeroIv = new IvParameterSpec(new byte[16]);

        // Second-resolution timestamp doubles as the PBKDF2 "password".
        string stamp = (new SimpleDateFormat("ddMMyyyyHHmmss")).format(new Date());

        KeySpec derivation = new PBEKeySpec(stamp.ToCharArray(), Encoding.Default.GetBytes(fixedSalt), 65536, 256);
        SecretKey derived = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(derivation);
        SecretKeySpec aesKey = new SecretKeySpec(derived.getEncoded(), "AES");

        Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");
        aes.init(Cipher.ENCRYPT_MODE, aesKey, zeroIv);

        byte[] sealedBytes = aes.doFinal(Encoding.UTF8.GetBytes(password));
        string encoded = Base64.getEncoder().encodeToString(sealedBytes);

        output.add(encoded);
        output.add(stamp);
    }
    catch (Exception e)
    {
        // Failures are reported on the console only; callers see an empty list and
        // must check for it.
        System.Console.WriteLine("Error en la encriptacion: " + e.ToString());
        output = new ArrayList();
    }

    return output;
}
/// <summary>
/// Prepares the DESede (triple DES) cipher in CTR mode with no padding for the
/// requested direction.
/// </summary>
/// <param name="mode">ENCRYPT_MODE selects encryption; any other value selects decryption.</param>
/// <param name="key">Key bytes; only the first <c>bsize</c> bytes are used when longer.</param>
/// <param name="iv">Initial counter block; only the first <c>ivsize</c> bytes are used when longer.</param>
/// <exception cref="System.Exception">
/// Any failure while building the cipher; the <c>cipher</c> field is reset to null
/// before the exception is rethrown.
/// </exception>
/// <remarks>
/// NOTE(review): inputs shorter than <c>ivsize</c>/<c>bsize</c> are passed through
/// unchanged and left for the underlying provider to reject. Triple DES has a 64-bit
/// block and is a legacy algorithm; with CTR mode the key/IV pair must not be reused.
/// </remarks>
public override void Init(int mode, byte[] key, byte[] iv)
{
    string pad = "NoPadding";

    // Oversized inputs are silently truncated rather than rejected.
    if (iv.Length > ivsize)
    {
        byte[] shortIv = new byte[ivsize];
        System.Array.Copy(iv, 0, shortIv, 0, shortIv.Length);
        iv = shortIv;
    }

    if (key.Length > bsize)
    {
        byte[] shortKey = new byte[bsize];
        System.Array.Copy(key, 0, shortKey, 0, shortKey.Length);
        key = shortKey;
    }

    try
    {
        cipher = Sharpen.Cipher.GetInstance("DESede/CTR/" + pad);

        DESedeKeySpec desSpec = new DESedeKeySpec(key);
        SecretKeyFactory desFactory = SecretKeyFactory.GetInstance("DESede");
        SecretKey desKey = desFactory.GenerateSecret(desSpec);

        int direction = mode == ENCRYPT_MODE
            ? Sharpen.Cipher.ENCRYPT_MODE
            : Sharpen.Cipher.DECRYPT_MODE;
        cipher.Init(direction, desKey, new IvParameterSpec(iv));
    }
    catch (Exception)
    {
        // Never leave a half-initialised cipher behind for later calls to use.
        cipher = null;
        throw;
    }
}
/// <summary>
/// Checks that <c>SecretKeyFactory.GetKey</c> returns a non-null, non-empty key for a
/// password-based secret and a random salt.
/// </summary>
/// <remarks>
/// Only presence of output is asserted; key length and determinism for a fixed
/// salt/secret pair are not covered by this test.
/// </remarks>
public void GetKeyTest()
{
    var passwordSecrets = SecretsDataGenerator.FromPassword("secret");
    byte[] randomSalt = Encoding.UTF8.GetBytes(Guid.NewGuid().ToString());

    // 1000 iterations keeps the test fast; it is not a recommended production setting.
    var derivedKey = SecretKeyFactory.GetKey(randomSalt, passwordSecrets.CurrentSecret, 1000);

    Assert.IsNotNull(derivedKey);
    Assert.IsNotEmpty(derivedKey);
}
/// <summary>
/// Records the algorithm name, derives the secret key from the passphrase and prepares
/// the matching PBE parameter spec.
/// </summary>
/// <param name="algo">Algorithm name handed to <c>SecretKeyFactory.GetInstance</c>.</param>
/// <param name="key">Passphrase the secret key is derived from.</param>
/// <exception cref="Sharpen.InvalidKeySpecException"></exception>
/// <exception cref="Sharpen.NoSuchAlgorithmException"></exception>
/// <remarks>
/// NOTE(review): <c>salt</c> and <c>ITERATION_COUNT</c> are defined outside this
/// constructor. If the salt is a fixed value shared by all instances, equal passphrases
/// yield equal keys; confirm. Also confirm the key-length argument (32) is in the unit
/// the key spec expects. The passphrase char array is not cleared after use.
/// </remarks>
internal ObjectEncryptionV2(string algo, string key)
{
    algorithmName = algo;

    char[] passphrase = key.ToCharArray();
    PBEKeySpec derivationSpec = new PBEKeySpec(passphrase, salt, ITERATION_COUNT, 32);
    skey = SecretKeyFactory.GetInstance(algo).GenerateSecret(derivationSpec);

    // Same salt and iteration count are kept for the cipher parameters.
    aspec = new PBEParameterSpec(salt, ITERATION_COUNT);
}
/// <summary>
/// Stores <paramref name="value"/> in the keystore under the alias
/// <paramref name="key"/> as a secret-key entry, then persists the keystore.
/// </summary>
/// <param name="key">Alias of the keystore entry.</param>
/// <param name="value">String to store; wrapped as a password-based key spec.</param>
/// <remarks>
/// NOTE(review): the key spec carries no salt or iteration count, so the
/// "PBEWithMD5andDES" factory appears to serve only as a container type for the value;
/// confirm against the provider in use. Protection of the stored entry then rests on
/// <c>Password</c> and on the keystore itself.
/// </remarks>
public void Add(string key, string value)
{
    PBEKeySpec wrappedValue = new PBEKeySpec(value.ToCharArray());
    SecretKeyFactory factory = SecretKeyFactory.GetInstance("PBEWithMD5andDES");
    ISecretKey entryKey = factory.GenerateSecret(wrappedValue);

    keyStore.SetEntry(key, new KeyStore.SecretKeyEntry(entryKey), Password);
    Save();
}
/// <summary>
/// Replaces any stored key with one generated from the password and the user's e-mail,
/// and saves its encoded bytes under the key alias.
/// </summary>
/// <param name="password">User password; first part of the key-derivation input.</param>
/// <param name="userEmail">User-related value appended to the password.</param>
/// <remarks>
/// NOTE(review): the two inputs are concatenated without a separator, so different
/// (password, e-mail) pairs can produce the same derivation input. <c>SALT</c> is
/// defined outside this method; if it is a shared constant it adds no per-user
/// variation. Confirm what <c>GetEncoded()</c> returns for this PBE algorithm on the
/// target provider, and how <c>_storageHelper</c> protects the bytes it is given.
/// </remarks>
public void CreateKey(string password, string userEmail)
{
    // Drop any existing key first so this call overwrites it.
    DeleteKey();

    // Password-based key: iterated derivation over password + e-mail with a salt.
    char[] derivationInput = (password + userEmail).ToCharArray();
    var keySpec = new PBEKeySpec(derivationInput, SALT, ITERATIONS, KEY_SIZE);
    var generated = SecretKeyFactory.GetInstance("PBEWithHmacSHA256AndAES_256").GenerateSecret(keySpec);

    _storageHelper.StoreItem<byte[]>(_keyAlias, generated.GetEncoded());
}
/// <summary>
/// Encrypts <paramref name="textBytes"/> with <c>SimpleFernet</c> using the bytes of
/// the supplied custom key, scrubbing the local key copy afterwards.
/// </summary>
/// <param name="textBytes">Plaintext bytes.</param>
/// <param name="secretKey">Custom key; when null, null key bytes are passed on.</param>
/// <returns>The value returned by <c>SimpleFernet.Encrypt</c>.</returns>
/// <remarks>
/// NOTE(review): with a null <paramref name="secretKey"/> both
/// <c>SimpleFernet.Encrypt</c> and <c>ShuffleSecretKey</c> receive null; confirm both
/// handle that as intended.
/// </remarks>
public override string Encrypt(byte[] textBytes, CustomEncryptionKey secretKey)
{
    byte[] keyMaterial = secretKey?.GetSecretBytes();
    try
    {
        string token = SimpleFernet.Encrypt(keyMaterial, textBytes);
        return token;
    }
    finally
    {
        // Runs on success and on failure so the key bytes do not linger in memory.
        SecretKeyFactory.ShuffleSecretKey(keyMaterial);
    }
}
/// <summary>
/// Checks the failure paths of <c>SecretKeyFactory.GetKey</c>: a missing secret, and a
/// derivation that cannot run (null salt together with a negative iteration count).
/// </summary>
/// <remarks>
/// The second case changes two inputs at once, so it does not show which of the two
/// triggers the failure.
/// </remarks>
public void GetKeyNegativeTest()
{
    var validSecret = new EncryptionSecret(1, Encoding.UTF8.GetBytes("password"));
    byte[] validSalt = Encoding.UTF8.GetBytes(Guid.NewGuid().ToString());

    // Missing secret: rejected with a dedicated message.
    var missingSecretError = Assert.Throws<StorageCryptoException>(
        () => SecretKeyFactory.GetKey(validSalt, null, 1000));
    Assert.AreEqual("Secret is null", missingSecretError.Message);

    // Bad derivation inputs: wrapped, with the underlying cause preserved.
    var derivationError = Assert.Throws<StorageCryptoException>(
        () => SecretKeyFactory.GetKey(null, validSecret, -1));
    Assert.AreEqual("Unable to generate secret", derivationError.Message);
    Assert.NotNull(derivationError.InnerException);
}
/// <summary>
/// Derives a 256-bit AES key from <paramref name="password"/> and
/// <paramref name="salt"/> and initialises the encrypting and decrypting ciphers.
/// </summary>
/// <param name="salt">Salt bytes for the key derivation.</param>
/// <param name="password">Password the key is derived from.</param>
/// <remarks>
/// NOTE(review): both ciphers are initialised with the shared <c>IV</c> field, defined
/// outside this constructor; if it is a constant, equal inputs under the same key give
/// equal outputs. 1024 iterations is a low work factor for a password-based KDF. Treat
/// the result as obfuscation unless those points are addressed.
/// </remarks>
public AESObfuscator(byte[] salt, string password)
{
    try
    {
        SecretKeyFactory keyFactory = SecretKeyFactory.GetInstance(KEYGEN_ALGORITHM);
        PBEKeySpec derivationSpec = new PBEKeySpec(password.ToCharArray(), salt, 1024, 256);
        ISecretKey derived = keyFactory.GenerateSecret(derivationSpec);

        // Re-wrap the derived bytes as a plain AES key for the ciphers.
        ISecretKey aesKey = new SecretKeySpec(derived.GetEncoded(), "AES");

        mEncryptor = Cipher.GetInstance(CIPHER_ALGORITHM);
        mEncryptor.Init(Cipher.EncryptMode, aesKey, new IvParameterSpec(IV));

        mDecryptor = Cipher.GetInstance(CIPHER_ALGORITHM);
        mDecryptor.Init(Cipher.DecryptMode, aesKey, new IvParameterSpec(IV));
    }
    catch (GeneralSecurityException ex)
    {
        // This can't happen on a compatible Android device.
        throw new RuntimeException("Invalid environment", ex);
    }
}
/// <summary>
/// Decrypts an AES-GCM payload laid out as salt, IV, then ciphertext with tag, and
/// returns the plaintext decoded with <paramref name="encoding"/>.
/// </summary>
/// <param name="decodedBytes">Raw payload; must be at least <c>MetaInfoLength</c> bytes.</param>
/// <param name="secret">Secret the key is derived from; must not be null.</param>
/// <param name="pbkdf2Iterations">Iteration count passed to the key derivation.</param>
/// <param name="encoding">Encoding used to turn the plaintext bytes into a string; must not be null.</param>
/// <returns>The decrypted text.</returns>
/// <exception cref="StorageCryptoException">
/// Raised through the helper checks for a too-short payload, a null secret or a null
/// encoding, and thrown when authentication or decryption fails.
/// </exception>
/// <remarks>
/// NOTE(review): <paramref name="decodedBytes"/> is dereferenced before any null check
/// (CA1062 is suppressed), so a null payload surfaces as a NullReferenceException
/// rather than a StorageCryptoException. Only the derived key is scrubbed; the
/// plaintext byte buffer is left to the garbage collector.
/// </remarks>
protected static string DecodeBytes(byte[] decodedBytes, Secret secret, int pbkdf2Iterations, Encoding encoding)
{
#pragma warning disable CA1062
    var payloadTooShort = decodedBytes.Length < MetaInfoLength;
#pragma warning restore CA1062
    s_helper.Check<StorageCryptoException>(payloadTooShort, Messages.AesGcmCipher.s_errWrongEncryptedText);
    s_helper.Check<StorageCryptoException>(secret == null, Messages.AesGcmCipher.s_errNoSecret);
    s_helper.Check<StorageCryptoException>(encoding == null, Messages.AesGcmCipher.s_errNoEncoding);

    // Split the payload: [0, SaltLength) salt, [SaltLength, MetaInfoLength) IV, rest ciphertext.
    var saltPart = Arrays.CopyOfRange(decodedBytes, 0, SaltLength);
    var ivPart = Arrays.CopyOfRange(decodedBytes, SaltLength, MetaInfoLength);
    var sealedPart = Arrays.CopyOfRange(decodedBytes, MetaInfoLength, decodedBytes.Length);

    var derivedKey = SecretKeyFactory.GetKey(saltPart, secret, pbkdf2Iterations);
    try
    {
        var gcm = new GcmBlockCipher(new AesEngine());
        var aeadParameters = new AeadParameters(new KeyParameter(derivedKey), AuthTagLengthInBits, ivPart, null);
        gcm.Init(false, aeadParameters);

        var plainBytes = new byte[gcm.GetOutputSize(sealedPart.Length)];
        var written = gcm.ProcessBytes(sealedPart, 0, sealedPart.Length, plainBytes, 0);
        // DoFinal verifies the tag; a mismatch raises InvalidCipherTextException.
        gcm.DoFinal(plainBytes, written);
#pragma warning disable CA1062
        return encoding.GetString(plainBytes);
#pragma warning restore CA1062
    }
    catch (InvalidCipherTextException ex)
    {
        s_log.Error(ex, Messages.AesGcmCipher.s_errInvalidCipher);
        throw new StorageCryptoException(Messages.AesGcmCipher.s_errInvalidCipher, ex);
    }
    catch (System.Exception ex)
    {
        s_log.Error(ex, Messages.AesGcmCipher.s_errUnexpectedDuringDecryption);
        throw new StorageCryptoException(Messages.AesGcmCipher.s_errUnexpectedDuringDecryption, ex);
    }
    finally
    {
        // Scrub the derived key whether decryption succeeded or not.
        SecretKeyFactory.ShuffleSecretKey(derivedKey);
    }
}
/// <summary>
/// Initializes a new instance of the <see cref="AesObfuscator"/> class, deriving a
/// 256-bit AES key from the application and device identifiers and preparing the
/// encrypting and decrypting ciphers.
/// </summary>
/// <param name="salt">
/// An array of random bytes to use for each (un)obfuscation.
/// </param>
/// <param name="applicationId">
/// Application identifier, e.g. the package name.
/// </param>
/// <param name="deviceId">
/// Device identifier. Use as many sources as possible to create this unique identifier.
/// </param>
/// <remarks>
/// NOTE(review): the key input is the concatenation of two identifiers rather than a
/// secret, both ciphers share the <c>Iv</c> field defined outside this constructor, and
/// the derivation uses 1024 iterations. This protects against casual inspection only;
/// do not rely on it to keep data confidential from someone with access to the device.
/// </remarks>
public AesObfuscator(byte[] salt, string applicationId, string deviceId)
{
    try
    {
        SecretKeyFactory keyFactory = SecretKeyFactory.GetInstance(KeygenAlgorithm);

        // Identifiers are joined without a separator before derivation.
        char[] derivationInput = (applicationId + deviceId).ToCharArray();
        IKeySpec derivationSpec = new PBEKeySpec(derivationInput, salt, 1024, 256);
        ISecretKey derived = keyFactory.GenerateSecret(derivationSpec);
        ISecretKey aesKey = new SecretKeySpec(derived.GetEncoded(), "AES");

        this.encryptor = Cipher.GetInstance(CipherAlgorithm);
        this.encryptor.Init(CipherMode.EncryptMode, aesKey, new IvParameterSpec(Iv));

        this.decryptor = Cipher.GetInstance(CipherAlgorithm);
        this.decryptor.Init(CipherMode.DecryptMode, aesKey, new IvParameterSpec(Iv));
    }
    catch (GeneralSecurityException ex)
    {
        // This can't happen on a compatible Android device.
        throw new RuntimeException("Invalid environment", ex);
    }
}